Security Advisory Moderate: xorg-x11-apps and libX11 security update

Advisory: RHSA-2007:0157-2
Type: Security Advisory
Severity: Moderate
Issued on: 2007-04-16
Last updated on: 2007-04-16
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
OVAL: com.redhat.rhsa-20070157.xml
CVEs (cve.mitre.org): CVE-2007-1667

Details

Updated xorg-x11-apps and libX11 packages that fix a security issue are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

X.org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

An integer overflow flaw was found in the X.org XGetPixel() function.
Improper use of this function could cause an application calling it to
function improperly, possibly leading to a crash or arbitrary code
execution. (CVE-2007-1667)

Users of the X.org X11 server should upgrade to these updated packages,
which contain a backported patch and are not vulnerable to this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)
SRPMS:
libX11-1.0.3-8.0.1.el5.src.rpm
File outdated by:  RHEA-2009:1332		     4c6cf452385e085b57f53f32cb9d1521
 
IA-32:
libX11-devel-1.0.3-8.0.1.el5.i386.rpm
File outdated by:  RHEA-2009:1332		     7b2d2ba7bb68a47bd7662322e781ae7a
 
x86_64:
libX11-devel-1.0.3-8.0.1.el5.i386.rpm
File outdated by:  RHEA-2009:1332		     7b2d2ba7bb68a47bd7662322e781ae7a
libX11-devel-1.0.3-8.0.1.el5.x86_64.rpm
File outdated by:  RHEA-2009:1332		     acadc303e67b0c14da568f0425fde65d
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
libX11-1.0.3-8.0.1.el5.src.rpm
File outdated by:  RHEA-2009:1332		     4c6cf452385e085b57f53f32cb9d1521
xorg-x11-apps-7.1-4.0.1.el5.src.rpm     ff54c8414720357c1777beba9c7b9e25
 
IA-32:
libX11-1.0.3-8.0.1.el5.i386.rpm
File outdated by:  RHEA-2009:1332		     eafebca30be46a1f126a9085729dae91
libX11-devel-1.0.3-8.0.1.el5.i386.rpm
File outdated by:  RHEA-2009:1332		     7b2d2ba7bb68a47bd7662322e781ae7a
xorg-x11-apps-7.1-4.0.1.el5.i386.rpm     6515c78f537b870dfe18fdd3d53ddfb9
 
IA-64:
libX11-1.0.3-8.0.1.el5.i386.rpm
File outdated by:  RHEA-2009:1332		     eafebca30be46a1f126a9085729dae91
libX11-1.0.3-8.0.1.el5.ia64.rpm
File outdated by:  RHEA-2009:1332		     d9bf472eb7f382f576fd14002f5d1887
libX11-devel-1.0.3-8.0.1.el5.ia64.rpm
File outdated by:  RHEA-2009:1332		     cf8a8ffe44483347cdaa5c43e604b615
xorg-x11-apps-7.1-4.0.1.el5.ia64.rpm     e47e676aa542e3b64c8277ad792f0298
 
PPC:
libX11-1.0.3-8.0.1.el5.ppc.rpm
File outdated by:  RHEA-2009:1332		     23f1c00ed705fbd1e88d40a82fea50bd
libX11-1.0.3-8.0.1.el5.ppc64.rpm
File outdated by:  RHEA-2009:1332		     60c91ded38d03943378b21eb6ec57b24
libX11-devel-1.0.3-8.0.1.el5.ppc.rpm
File outdated by:  RHEA-2009:1332		     ecd2ee6fa8290b653b0e885eb432970f
libX11-devel-1.0.3-8.0.1.el5.ppc64.rpm
File outdated by:  RHEA-2009:1332		     ee670ec6168e6f2add6397e97da551b0
xorg-x11-apps-7.1-4.0.1.el5.ppc.rpm     3216a943acb93f3c8a8f4e764729143d
 
s390x:
libX11-1.0.3-8.0.1.el5.s390.rpm
File outdated by:  RHEA-2009:1332		     f44eab75f0bca9aab6aeec4ca273dcbf
libX11-1.0.3-8.0.1.el5.s390x.rpm
File outdated by:  RHEA-2009:1332		     baa7037daf2981a93f81ffa49d6b020a
libX11-devel-1.0.3-8.0.1.el5.s390.rpm
File outdated by:  RHEA-2009:1332		     2a169779c94277d62860dc5193a4f100
libX11-devel-1.0.3-8.0.1.el5.s390x.rpm
File outdated by:  RHEA-2009:1332		     b464e0943f917152bc558a03d6e5885e
xorg-x11-apps-7.1-4.0.1.el5.s390x.rpm     d5be859eeb98b2672e5dbbe5f1e98fc8
 
x86_64:
libX11-1.0.3-8.0.1.el5.i386.rpm
File outdated by:  RHEA-2009:1332		     eafebca30be46a1f126a9085729dae91
libX11-1.0.3-8.0.1.el5.x86_64.rpm
File outdated by:  RHEA-2009:1332		     ea143cb7bbe170730729d1dff11a54fa
libX11-devel-1.0.3-8.0.1.el5.i386.rpm
File outdated by:  RHEA-2009:1332		     7b2d2ba7bb68a47bd7662322e781ae7a
libX11-devel-1.0.3-8.0.1.el5.x86_64.rpm
File outdated by:  RHEA-2009:1332		     acadc303e67b0c14da568f0425fde65d
xorg-x11-apps-7.1-4.0.1.el5.x86_64.rpm     43a723f54a8905609c19501e67a9f040
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
libX11-1.0.3-8.0.1.el5.src.rpm
File outdated by:  RHEA-2009:1332		     4c6cf452385e085b57f53f32cb9d1521
xorg-x11-apps-7.1-4.0.1.el5.src.rpm     ff54c8414720357c1777beba9c7b9e25
 
IA-32:
libX11-1.0.3-8.0.1.el5.i386.rpm
File outdated by:  RHEA-2009:1332		     eafebca30be46a1f126a9085729dae91
xorg-x11-apps-7.1-4.0.1.el5.i386.rpm     6515c78f537b870dfe18fdd3d53ddfb9
 
x86_64:
libX11-1.0.3-8.0.1.el5.i386.rpm
File outdated by:  RHEA-2009:1332		     eafebca30be46a1f126a9085729dae91
libX11-1.0.3-8.0.1.el5.x86_64.rpm
File outdated by:  RHEA-2009:1332		     ea143cb7bbe170730729d1dff11a54fa
xorg-x11-apps-7.1-4.0.1.el5.x86_64.rpm     43a723f54a8905609c19501e67a9f040
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

231694 - CVE-2007-1667 XGetPixel() integer overflow


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667
http://www.redhat.com/security/updates/classification/#moderate

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/